FORMALIZED GENERIC PROCESS DEFINITION. This section formalizes the generic process definition of SESAMO using UML activity diagrams. The overall process is based on the V-Model approach as depicted in Figure 8 and adopts ideas from IEC 61508 and ISO 26262. The different steps in this process will be described in detail in the following sub sections, with the main emphasis put on the activities related to safety and security. Because of the fact that this process is closely related to already existing safety standards, the extensions made for security are marked in red on the UML activity diagrams. Although the SESAMO generic process can be read as a joint process integrating both safety and security activities, the degree to which these activities are intermeshed can be adapted according to the workflow management within an enterprise. That means depending on the organizational structure of an enterprise the activities can be performed in parallel within one team consisting of both security and safety experts as well as in more separated or sequential ways involving different teams. However there have to be well-defined synchronization points between the security and safety activities that should lead to common work products, e.g. a common system design. This issue is discussed in more detail in Chapter 7. The description of the activities includes their associated roles and corresponding work products. analysis Business Workflow s Concept of Operations Safety and Security Validation Validation Result Test Results System Design Integration and Testing Technical Safety/Security Requirements and System Architecture Implementation Development Functional Safety/Security Requirements and Preliminary Architecture Figure 8 – Generic Process Definition
